
Amrit Poojari

Thane

Summary

Seasoned Information Security Professional with over a decade of expertise in Cybersecurity, demonstrated across Finance, Healthcare and Consumer Products. My professional experience includes:


  • Skilled in Risk Assessment, Secure Architecture Review, and Threat Modeling for products in the Finance domain.
  • Extensive hands-on experience in Penetration Testing for web applications, APIs, and mobile applications.
  • Proven project management skills, successfully delivering multiple Enterprise Vulnerability Assessment and Penetration Testing Products.
  • Strategic cybersecurity advisor, driving, facilitating, and guiding solutions for various use cases and domains.
  • Effective communicator at all organizational levels, including CIO, CTO, and CISO, across both business and technical functions.
  • Conducted various information security and application security training sessions for developers, business analysts and executives.
  • Practical experience in deploying and maintaining security solutions such as IBM AppScan, Checkmarx, Blackduck, Acunetix, Qualys (EDR, WAF, WAS) and other VM solutions.
  • Recipient of multiple awards and recognitions in current and previous organizations.
  • Proficient with testing methodologies such as OWASP and SANS, and holding security certifications like GIAC (GDSA), OSCP, Microsoft Azure Cloud Security, ECSA, CEH, WAF, Secure Coding, etc.

Overview

11 years of professional experience
1 Certification

Work History

Lead Security Engineer

Mastercard
06.2022 - Current
  • Overseeing Product Security for globally deployed payment applications at Mastercard, including Wallet, P2P transaction, BNPL, etc.
  • Leading security by design initiatives and guiding developers in building secure applications, improving the overall security for the product
  • Conducting threat modeling, identifying gaps, and mitigating threats. Understanding business applications and actively participating in the design phase of application development to integrate security into all phases of the Software Development Life Cycle (SDLC)


Key Project Deliverables:

  • Progressively developed new security features for a global payment wallet application
  • Delivered architecture and secure design framework for a newly developed application focused on customer card interoperability
  • Oversaw security for projects involving Wallet Payment, Tokenization, and Issuer-Acquirer Merchant integration
  • Performed regular security design exercises for multiple regulatory applications across regions dealing with Card Dispute Resolution.
  • Worked with teams to develop company-wide information assurance, security standards and procedures.
  • Authored security and vulnerability reports, detailing logged incursions and suggesting remediation efforts.
  • Offered preventive training to harden personnel against intrusion vectors such as phishing, ransomware and more.
  • Recommend improvements in security systems and procedures.
  • Performed risk analyses to identify appropriate security countermeasures.
  • Assisted with day-to-day operations, working efficiently and productively with all team members.

Senior Security Engineer

Mastercard
06.2021 - 06.2022
  • Managing BAU security process for 8 internal applications
  • Reviewing third-party SaaS solutions with respect to architecture, deployment, and security for over 10 products
  • Contributing to S-SDLC efforts for secure code design
  • Worked well in a team setting, providing support and guidance.
  • Demonstrated strong organizational and time management skills while managing multiple projects.

Technical Application Security Manager

Qualys
07.2020 - 06.2021
  • Led the Application Penetration Testing team to identify vulnerabilities in Qualys products, networks, and endpoints
  • Implemented and operationalized Web Application Firewall across all product lines
  • Supervised continuous security improvement initiatives, including DevSecOps and application security
  • Personally identified and resolved critical vulnerabilities in Qualys products
  • Designed and operationalized Bug Bounty program for the Qualys products.
  • Investigated incidents and wrote reports.
  • Oversaw contract negotiations, budget implementation, disciplinary reviews, training and manpower work schedules.
  • Supervised team of 3 security personnel.
  • Evaluated security systems and procedures to identify areas for improvement.

Technical Manager Application

Axis Bank
04.2019 - 06.2020
  • Managed team of penetration testers responsible for testing Bank's critical infrastructure
  • Finding critical bugs in production applications as part of the Advanced PT activity
  • Conducting application security assessment activities for Web Applications including Web services and actively participating in closure of security issues
  • Conducting application security assessment activities for Mobile applications including Android & iOS and actively participating in closure of security issues
  • Implemented security awareness programs and instituted compliance metrics to decrease enterprise risks
  • Established policies, SOPs and security standards in accordance with federal regulations
  • Evaluation & Implementation of security solutions for enhancing the security posture of the organization
  • Implemented & designed policies for web application firewall (Akamai & Imperva)

Key Project Deliveries

  • Achieved WAF blocking for external facing banking applications for Axis Bank
  • Implemented Anti Malware security solutions for 8 Axis mobile applications
  • Successfully ran Red team / Blue team exercises as BAU
  • Achieved 100% testing in calendar activities for source code review and penetration testing YoY
  • Achieved around 70% automation in application security stack by implementing tools like Acunetix, Checkmarx (SAST & IAST), Appknox
  • Performed security architecture review on 30 large enterprise applications
  • Liaised between business and technology units to manage delivery schedules for applications.
  • Gathered requirements and maintained communication between project teams, internal clients and external stakeholders.
  • Communicated project status and change management metrics with upper management.
  • Analyzed company processes to determine outsourcing feasibility.
  • Increased employee productivity by 60% through training and mentorship.
  • Prepared status charts for weekly management meetings and shared updates to upcoming work alike

Deputy Technical Manager

Axis Bank
11.2016 - 03.2019
  • Developed suggestions for technical process improvements to optimize resources.
  • Managed implementation of new technological solutions resulting in increased efficiency.
  • Recruited and trained IT security team members.
  • Performed Application security testing for Web, Mobile and APIs

Sr. Security Engineer

CitiusTech
05.2016 - 11.2016
  • Responsible for carrying out Application security testing for a major US client in the aviation industry
  • Policy review of the security tools implemented as well as hardening of OS for ECG machine
  • Worked effectively in fast-paced environments.

Team Lead & Sr. Security Analyst

Paladion Networks
03.2015 - 05.2016

Leading a group of Security professionals for a Top Financial institute in India

  • Worked on managing client queries, planning and strategizing security activities & risk mitigation with clients and regular meetings and discussions
  • Reviewing team members' assessments for all VAPT activities
  • Strategizing & scheduling overall scope of Vulnerability management assignments
  • Recommend improvements in security systems and procedures.
  • Performed risk analyses to identify appropriate security countermeasures.
  • Conducted security audits to identify vulnerabilities.
  • Leading PCI Audits, Application security, APT, ASV Scans
  • Monthly discussion with client's application owners and presentation on the findings and the recommendations to Business Heads/Application Owners
  • Tracking application vulnerabilities on the client environment and giving timely suggestions and mitigation controls for vulnerability closure
  • Suggesting new Tools & Technologies to Clients, conducting POCs for tools and sharing Comparison reports.

Analyst

Paladion Networks
01.2014 - 04.2015
  • Projects include short term and long term assignments for various Banking and Financial sectors; conducted Web Application testing for various Banking applications
  • Projects include Security Configuration Audits, Hardening of Servers, Databases and Network devices
  • Projects include Black box penetration testing of Servers, Databases and Network devices both using tools and manually
  • Conducted 80+ Web application tests.
  • Performed audits of subsidiaries to protect shareholders and potential investors from fraudulent or unrepresentative financial claims.

Education

Bachelor of Engineering - Information Technology

Siddhant College of Engineering
Pune
03-2013

High School Diploma -

K. J. Somaiya Institute of Technology
Mumbai
2008

Skills

  • Application security
  • Secure Design & Architecture Review
  • Penetration testing
  • Cloud security
  • Red Team Operations
  • Project Management
  • Vulnerability Assessment
  • Intrusion Detection and Prevention

Certification

GIAC [GDSA] Defensible Security Architecture

OSCP - Offensive Security

Microsoft Azure Cloud Security

CPISI

Akamai-Kona Site Defender

Qualys Certified Specialist

ECSA

CEH


Languages

English
Bilingual or Proficient (C2)
Hindi
Bilingual or Proficient (C2)
Marathi
Bilingual or Proficient (C2)
Kannada
Intermediate (B1)

Interests

Travelling

Motorcycles

Learning About New Technology
